Where to free download the new Cisco 642-515 exam questions to pass the exam easily? Now, Flydumps has publised the new version of Cisco 642-515 exam dumps with new added exam questions. you can also get free VCE and PDF, and the new Cisco 642-515 practice tests ensure your exam 100% pass. Visit Flydumps.com to get the 100% pass ensure!
Exam A
QUESTION 1
Refer to the exhibit. You are configuring a Cisco ASA security appliance to participate in a VPN cluster. Based on the exhibit, to which value would you set the priority to increase the chances of this Cisco ASA security appliance becoming the cluster master?
A. 0
B. 1
C. 10
D. 100
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Refer to the exhibit. You are the administrator of multiple remote Cisco ASA security appliances, security
appliances for SSL VPNs and are requiring a client certificate, as shown.
How would this configuration affect your next ASDM connection to this Cisco ASA security appliance?
A. You would be asked to present an identity certificate. If you did not have one, the Cisco ASA security appliance would prompt you for authentication credentials, consisting of a username and password.
B. Your connection would be handled the way it is always handled by this Cisco ASA security appliance.
C. You would be required to download the identity certificate of the remote Cisco ASA security appliance.
D. You would be required to have an identity certificate that the Cisco ASA security appliance can use for authentication.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 3
Refer to the exhibit. You are the administrator of a corporate Cisco ASA security appliance with a Cisco ASA AIP-SSM. You have been tasked to deploy the AIP-SSM to protect corporate DMZ web servers. The AIP-SSM has been configured, and a service policy has been configured to identify the traffic that is to be passed to the AIP-SSM. On which two interfaces would application of the service policy for the AIP-SSM be most effective while causing the least amount of impact to Cisco ASA security appliance performance? (Choose two.)
A. Inside interface
B. Dmz interface
C. Internet interface
D. Globally on all interfaces
E. Outside interface
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 4
Refer to the exhibit. You are configuring the Cisco ASA security appliance as the hub in a hub-and-spoke
site-to-site VPN.
Which of these configurations will enable traffic to flow between spokes?
Exhibit:
A.
B.
Correct Answer: D Section: VPN Explanation
Explanation/Reference:
QUESTION 5
Refer to the exhibit. You have configured a Layer 7 policy map to match the size of HTTP header fields
that are traversing the network.
Based on this configuration, will HTTP headers that are greater than 200 bytes be logged?
policy-map type inspect http TEST
parameters
match request header length gt 100
reset
match request header length gt 200
log
A. No, because the reset action for headers greater than 100 bytes would be the first match.
B. Yes, because the reset action for headers greater than 100 bytes and the log action for headers greater than 200 bytes would both be applied.
C. No, because reset or log actions are a part of the service policy and the Layer 7 policy map.
D. Yes, because the log action for headers greater than 200 bytes would be the last match.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 6
Refer to the exhibit. The network security administrator for XYZ Corporation wants to configure the
corporate Cisco ASA security appliance to take the following actions on its outside interface: –rate limit all IP traffic from telecommuting system engineers to the insidehost –drop all HTTP requests from the Internet to the web server that have a body length greater than 1000 bytes –prevent users on network 192.168.6.0/24 from using the FTP PUT command to store .exe files on the FTP server
Which set of Modular Policy Framework components will be involved in accomplishing this goal?
A. One Layer 7 class map, two Layer 7 policy maps, three Layer 3/4 class maps, one Layer 3/4 policy map
B. One Layer 7 class map, one Layer 7 policy map, three Layer 3/4 class maps, one Layer 3/4 policy map
C. Two Layer 7 class maps, one Layer 7 policy map, three Layer 3/4 class maps, one Layer 3/4 policy map
D. Three Layer 7 policy maps, one Layer 3/4 class map, one Layer 3/4 policy map
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Refer to the exhibit. You have configured a Cisco ASA 5505 Adaptive Security Appliance as an Easy VPN hardware client. During the configuration, you defined a list of backup servers for the security appliance to use. After a few hours of being connected to the primary VPN server, the security appliance fails. You notice that your Easy VPN hardware client has now connected to a backup server that is not defined within the configuration of the client. Where did your Easy VPN hardware client get this backup server?
A. The backup servers that you listed were no longer available, so the Easy VPN hardware client used the list of backup servers that it retrieved from the primary server.
B. The group policy that was configured on the primary VPN server was pushed to your Easy VPN client and overwrote the list of backup servers that you had configured.
C. The connection profile that was configured on the primary VPN server was pushed to your Easy VPN hardware client and overwrote the list of backup servers that you had configured.
D. The backup servers that you listed were not configured as VPN servers, so the Easy VPN hardware client used the list of backup servers retrieved from the primary server.
Correct Answer: B Section: (none) Explanation Explanation/Reference:
QUESTION 8
Refer to the exhibit. You are the administrator of a Cisco ASA security appliance that is configured with a
local CA.
Based on the exhibit, for which purpose would the user student1 use this password?
A. Authentication to the SSL VPN server
B. Retrieval of the digital certificate from the local CA on the Cisco ASA security appliance
C. Retrieval of the Cisco ASA security appliance identity certificate
D. The initial authentication to the SSL VPN server
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Observe the following exhibit carefully. When TCP connections are tunneled over another TCP connection and latency exists between the two endpoints, each TCP session would trigger a retransmission, which can quickly spiral out of control when the latency issues persist. This issue is often called TCP-over-TCP meltdown. According to the presented Cisco ASDM configuration, which Cisco ASA security appliance configuration will most likely solve this problem?
A. Compression
B. MTU size of 500
C. Keepalive Messages
D. Datagram TLS
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Refer to the exhibit. You have been tasked with configuring your Cisco ASA security appliance for EIGRP
routing.
Based on the information that is provided in the exhibit, which two Cisco ASDM configurations will add
these networks to the configuration of EIGRP? (Choose two.)
Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
The two networks where the AS is the same.
Cisco 642-515 Exam Certification Guide presents you with an organized test preparation routine through the use of proven series elements and techniques.“Do I Know This Already?”quizzes open each chapter and allow you to decide how much time you need to spend on each section.Cisco 642-515 lists and Foundation Summary tables make referencing easy and give you a quick refresher whenever you need it.Challenging Cisco 642-515 review questions help you assess your knowledge and reinforce key concepts.Cisco 642-515 exercises help you think about exam objectives in real-world situations, thus increasing recall during exam time.